- 10 Dec, 2022 6 commits
-
-
Julian Anastasov authored
Change the run_estimation flag to start/stop the kthread tasks. Signed-off-by:
Julian Anastasov <ja@ssi.bg> Cc: yunhong-cgl jiang <xintian1976@gmail.com> Cc: "dust.li" <dust.li@linux.alibaba.com> Reviewed-by:
Jiri Wiesner <jwiesner@suse.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Julian Anastasov authored
Allow the kthreads for stats to be configured for specific cpulist (isolation) and niceness (scheduling priority). Signed-off-by:
-
Julian Anastasov authored
Estimating all entries in single list in timer context by single CPU causes large latency with multiple IPVS rules as reported in [1], [2], [3]. Spread the estimator structures in multiple chains and use kthread(s) for the estimation. The chains are processed in multiple (50) timer ticks to ensure the 2-second interval between estimations with some accuracy. Every chain is processed under RCU lock. Every kthread works over its own data structure and all such contexts are attached to array. The contexts can be preserved while the kthread tasks are stopped or restarted. When estimators are removed, unused kthread contexts are released and the slots in array are left empty. First kthread determines parameters to use, eg. maximum number of estimators to process per kthread based on chain's length (chain_max), allowing sub-100us cond_resched rate and estimation taking up to 1/8 of the CPU capacity to avoid any problems if chain_max is not correctly calculated. chain_max is calculated taking into account factors such as CPU speed and memory/cache speed where the cache_factor (4) is selected from real tests with current generation of CPU/NUMA configurations to correct the difference in CPU usage between cached (during calc phase) and non-cached (working) state of the estimated per-cpu data. First kthread also plays the role of distributor of added estimators to all kthreads, keeping low the time to add estimators. The optimization is based on the fact that newly added estimator should be estimated after 2 seconds, so we have the time to offload the adding to chain from controlling process to kthread 0. The allocated kthread context may grow from 1 to 50 allocated structures for timer ticks which saves memory for setups with small number of estimators. We also add delayed work est_reload_work that will make sure the kthread tasks are properly started/stopped. ip_vs_start_estimator() is changed to report errors which allows to safely store the estimators in allocated structures. Many thanks to Jiri Wiesner for his valuable comments and for spending a lot of time reviewing and testing the changes on different platforms with 48-256 CPUs and 1-8 NUMA nodes under different cpufreq governors. [1] Report from Yunhong Jiang: https://lore.kernel.org/netdev/D25792C1-1B89-45DE-9F10-EC350DC04ADC@gmail.com/ [2] https://marc.info/?l=linux-virtual-server&m=159679809118027&w=2 [3] Report from Dust: https://archive.linuxvirtualserver.org/html/lvs-devel/2020-12/msg00000.htmlSigned-off-by:
-
Julian Anastasov authored
Use the provided u64_stats_t type to avoid load/store tearing. Fixes: 316580b6 ("u64_stats: provide u64_stats_t type") Signed-off-by:
-
Julian Anastasov authored
Move alloc_percpu/free_percpu logic in new functions Signed-off-by:
-
Julian Anastasov authored
In preparation to using RCU locking for the list with estimators, make sure the struct ip_vs_stats are released after RCU grace period by using RCU callbacks. This affects ipvs->tot_stats where we can not use RCU callbacks for ipvs, so we use allocated struct ip_vs_stats_rcu. For services and dests we force RCU callbacks for all cases. Signed-off-by:
-
- 08 Dec, 2022 1 commit
-
-
Li Qiong authored
Add a 'default' case in case return a uninitialized value of ret, this should not ever happen since the follow transmit path types: - FLOW_OFFLOAD_XMIT_UNSPEC - FLOW_OFFLOAD_XMIT_TC are never observed from this path. Add this check for safety reasons. Signed-off-by:
Li Qiong <liqiong@nfschina.com> Signed-off-by:
-
- 30 Nov, 2022 4 commits
-
-
Florian Westphal authored
icmp conntrack will set icmp redirects as RELATED, but icmpv6 will not do this. For icmpv6, only icmp errors (code <= 128) are examined for RELATED state. ICMPV6 Redirects are part of neighbour discovery mechanism, those are handled by marking a selected subset (e.g. neighbour solicitations) as UNTRACKED, but not REDIRECT -- they will thus be flagged as INVALID. Add minimal support for REDIRECTs. No parsing of neighbour options is added for simplicity, so this will only check that we have the embeeded original header (ND_OPT_REDIRECT_HDR), and then attempt to do a flow lookup for this tuple. Also extend the existing test case to cover redirects. Fixes: 9fb9cbb1 ("[NETFILTER]: Add nf_conntrack subsystem.") Reported-by:
Eric Garver <eric@garver.life> Link: https://github.com/firewalld/firewalld/issues/1046Signed-off-by:
Florian Westphal <fw@strlen.de> Acked-by:
-
Vishwanath Pai authored
Add a new parameter to complement the existing 'netmask' option. The main difference between netmask and bitmask is that bitmask takes any arbitrary ip address as input, it does not have to be a valid netmask. The name of the new parameter is 'bitmask'. This lets us mask out arbitrary bits in the ip address, for example: ipset create set1 hash:ip bitmask 255.128.255.0 ipset create set2 hash:ip,port family inet6 bitmask ffff::ff80 Signed-off-by:
Vishwanath Pai <vpai@akamai.com> Signed-off-by:
Joshua Hunt <johunt@akamai.com> Signed-off-by:
Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by:
-
Florian Westphal authored
No need to have distinct functions. After merge, ipv6 can avoid protooff computation if the connection neither needs sequence adjustment nor helper invocation -- this is the normal case. Signed-off-by:
-
Sriram Yagnaraman authored
SCTP conntrack currently assumes that the SCTP endpoints will probe secondary paths using HEARTBEAT before sending traffic. But, according to RFC 9260, SCTP endpoints can send any traffic on any of the confirmed paths after SCTP association is up. SCTP endpoints that sends INIT will confirm all peer addresses that upper layer configures, and the SCTP endpoint that receives COOKIE_ECHO will only confirm the address it sent the INIT_ACK to. So, we can have a situation where the INIT sender can start to use secondary paths without the need to send HEARTBEAT. This patch allows DATA/SACK packets to create new connection tracking entry. A new state has been added to indicate that a DATA/SACK chunk has been seen in the original direction - SCTP_CONNTRACK_DATA_SENT. State transitions mostly follows the HEARTBEAT_SENT, except on receiving HEARTBEAT/HEARTBEAT_ACK/DATA/SACK in the reply direction. State transitions in original direction: - DATA_SENT behaves similar to HEARTBEAT_SENT for all chunks, except that it remains in DATA_SENT on receving HEARTBEAT, HEARTBEAT_ACK/DATA/SACK chunks State transitions in reply direction: - DATA_SENT behaves similar to HEARTBEAT_SENT for all chunks, except that it moves to HEARTBEAT_ACKED on receiving HEARTBEAT/HEARTBEAT_ACK/DATA/SACK chunks Note: This patch still doesn't solve the problem when the SCTP endpoint decides to use primary paths for association establishment but uses a secondary path for association shutdown. We still have to depend on timeout for connections to expire in such a case. Signed-off-by:
Sriram Yagnaraman <sriram.yagnaraman@est.tech> Reviewed-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
-
- 22 Nov, 2022 11 commits
-
-
Dan Carpenter authored
The __nft_expr_type_get() function returns NULL on error. It never returns error pointers. Fixes: 3a07327d ("netfilter: nft_inner: support for inner tunnel header matching") Signed-off-by:
Dan Carpenter <error27@gmail.com> Signed-off-by:
-
Paolo Abeni authored
Colin Foster says: ==================== cleanup ocelot_stats exposure The ocelot_stats structures became redundant across all users. Replace this redundancy with a static const struct. After doing this, several definitions inside include/soc/mscc/ocelot.h no longer needed to be shared. Patch 2 removes them. Checkpatch throws an error for a complicated macro not in parentheses. I understand the reason for OCELOT_COMMON_STATS was to allow expansion, but interestingly this patch set is essentially reverting the ability for expansion. I'm keeping the macro in this set, but am open to remove it, since it doesn't _actually_ provide any immediate benefits anymore. ==================== Link: https://lore.kernel.org/r/20221119231406.3167852-1-colin.foster@in-advantage.comSigned-off-by:
Paolo Abeni <pabeni@redhat.com>
-
Colin Foster authored
Ocelot uses regmap_bulk_read() operations to efficiently read stats registers. Currently the implementation relies on the stats layout to be ordered to be most efficient. Issue a warning if any future implementations happen to break this pattern. Signed-off-by:
Colin Foster <colin.foster@in-advantage.com> Co-developed-by:
Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by:
-
Colin Foster authored
Since commit 4d1d157f ("net: mscc: ocelot: share the common stat definitions between all drivers") there is no longer a need to share the stats structures to the world. Relocate these definitions to inside ocelot_stats.c instead of a global include header. Signed-off-by:
-
Colin Foster authored
Ever since commit 4d1d157f ("net: mscc: ocelot: share the common stat definitions between all drivers") the stats_layout entry in ocelot and felix drivers have become redundant. Remove the unnecessary code. Suggested-by:
Vladimir Oltean <olteanv@gmail.com> Signed-off-by:
-
Björn Töpel authored
The selftests/net does not have proper cross-compilation support, and does not properly state libbpf as a dependency. Mimic/copy the BPF build from selftests/bpf, which has the nice side-effect that libbpf is built as well. Signed-off-by:
Björn Töpel <bjorn@rivosinc.com> Reviewed-by:
Anders Roxell <anders.roxell@linaro.org> Link: https://lore.kernel.org/r/20221119171841.2014936-1-bjorn@kernel.orgSigned-off-by:
-
Tiezhu Yang authored
The latest version of grep claims the egrep is now obsolete so the build now contains warnings that look like: egrep: warning: egrep is obsolescent; using grep -E fix this up by moving the related file to use "grep -E" instead. sed -i "s/egrep/grep -E/g" `grep egrep -rwl samples/pktgen` Here are the steps to install the latest grep: wget http://ftp.gnu.org/gnu/grep/grep-3.8.tar.gz tar xf grep-3.8.tar.gz cd grep-3.8 && ./configure && make sudo make install export PATH=/usr/local/bin:$PATH Signed-off-by:
Tiezhu Yang <yangtiezhu@loongson.cn> Link: https://lore.kernel.org/r/1668826504-32162-1-git-send-email-yangtiezhu@loongson.cnSigned-off-by:
-
Suman Ghosh authored
1. If a profile does not support DMAC extraction then avoid installing NPC flow rules for unicast. Similarly, if LXMB(L2 and L3) extraction is not supported by the profile then avoid installing broadcast and multicast rules. 2. Allow MCAM entry insertion for promiscuous mode. 3. For the profiles where DMAC is not extracted in MKEX key default unicast entry installed by AF is not valid. Hence do not use action from the AF installed default unicast entry for such cases. 4. Adjacent packet header fields in a packet like IP header source and destination addresses or UDP/TCP header source port and destination can be extracted together in MKEX profile. Therefore MKEX profile can be configured to in two ways: a. Total of 4 bytes from start of UDP header(src port + destination port) or b. Two bytes from start and two bytes from offset 2 Signed-off-by:
Suman Ghosh <sumang@marvell.com> Signed-off-by:
Subbaraya Sundeep <sbhatta@marvell.com> Link: https://lore.kernel.org/r/20221118053329.2288486-1-sumang@marvell.comSigned-off-by:
-
Florian Fainelli authored
Clear the RGMII_LINK bit upon detecting link down to be consistent with setting the bit upon link up. We also move the clearing of the out-of-band disable to the runtime initialization rather than for each link up/down transition. Signed-off-by:
Florian Fainelli <f.fainelli@gmail.com> Link: https://lore.kernel.org/r/20221118213754.1383364-1-f.fainelli@gmail.comSigned-off-by:
Jakub Kicinski <kuba@kernel.org>
-
Dan Carpenter authored
Smatch complains that "err" can be uninitialized on these paths. Also it's just nicer to "return 0;" instead of "return err;" Fixes: 3a344f99 ("net: microchip: sparx5: Add support for TC flower ARP dissector") Signed-off-by:
-
Eric Dumazet authored
I was mistaken how atomic64_try_cmpxchg(&sk_cookie, &res, new) is working. I was assuming @res would contain the final sk_cookie value, regardless of the success of our cmpxchg() We could do something like: if (atomic64_try_cmpxchg(&sk_cookie, &res, new) res = new; But we can avoid a conditional and read sk_cookie again. atomic64_cmpxchg(&sk_cookie, res, new); res = atomic64_read(&sk_cookie); Reported-by:
coverity-bot <keescook+coverity-bot@chromium.org> Addresses-Coverity-ID: 1527347 ("Error handling issues") Fixes: 4ebf802c ("net: __sock_gen_cookie() cleanup") Signed-off-by:
Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20221118043843.3703186-1-edumazet@google.comSigned-off-by:
-
- 21 Nov, 2022 18 commits
-
-
David S. Miller authored
Mat Martineau says: ==================== mptcp: More specific netlink command errors This series makes the error reporting for the MPTCP_PM_CMD_ADD_ADDR netlink command more specific, since there are multiple reasons the command could fail. Note that patch 2 adds a GENL_SET_ERR_MSG_FMT() macro to genetlink.h, which is outside the MPTCP subsystem. Patch 1 refactors in-kernel listening socket and endpoint creation to simplify the second patch. Patch 2 updates the error values returned by the in-kernel path manager when it fails to create a local endpoint. ==================== Signed-off-by:David S. Miller <davem@davemloft.net>
-
Paolo Abeni authored
Endpoint creation can fail for a number of reasons; in case of failure append the error number to the extended ack message, using a newly introduced generic helper. Additionally let mptcp_pm_nl_append_new_local_addr() report different error reasons. Reviewed-by:
Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by:
-
Paolo Abeni authored
When endpoint creation fails, we need to free the newly allocated entry and eventually destroy the paired mptcp listener socket. Consolidate such action in a single point let all the errors path reach it. Reviewed-by:
-
Kuniyuki Iwashima authored
We assume the correct errno is -EADDRINUSE when sk->sk_prot->get_port() fails, so some ->get_port() functions return just 1 on failure and the callers return -EADDRINUSE instead. However, mptcp_get_port() can return -EINVAL. Let's not ignore the error. Note the only exception is inet_autobind(), all of whose callers return -EAGAIN instead. Fixes: cec37a6e ("mptcp: Handle MP_CAPABLE options for outgoing connections") Signed-off-by:
Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by:
-
Yoshihiro Shimoda authored
Smatch detected the following warning. drivers/net/ethernet/renesas/rswitch.c:1717 rswitch_init() warn: '%pM' cannot be followed by 'n' The 'n' should be '\n'. Reported-by:Geert Uytterhoeven <geert+renesas@glider.be> Fixes: 3590918b ("net: ethernet: renesas: Add support for "Ethernet Switch"") Signed-off-by:
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Reviewed-by:
Saeed Mahameed <saeed@kernel.org> Signed-off-by:
-
David S. Miller authored
netdev.vger.kernel.org archive mirror Steen Hegelund says: ==================== net: Add support for VCAP debugFS in Sparx5 This provides support for getting VCAP instance, VCAP rule and VCAP port keyset configuration information via the debug file system. It builds on top of the initial IS2 VCAP support found in these series: https://lore.kernel.org/all/20221020130904.1215072-1-steen.hegelund@microchip.com/ https://lore.kernel.org/all/20221109114116.3612477-1-steen.hegelund@microchip.com/ https://lore.kernel.org/all/20221111130519.1459549-1-steen.hegelund@microchip.com/ Functionality: ============== The VCAP API exposes a /sys/kernel/debug/sparx5/vcaps folder containing the following entries: - raw_<vcap>_<instance> This is a raw dump of the VCAP instance with a line for each available VCAP rule. This information is limited to the VCAP rule address, the rule size and the rule keyset name as this requires very little information from the VCAP cache. This can be used to detect if a valid rule is stored at the correct address. - <vcap>_<instance> This dumps the VCAP instance configuration: address ranges, chain id ranges, word size of keys and actions etc, and for each VCAP rule the details of keys (values and masks) and actions are shown. This is useful when discovering if the expected rule is present and in which order it will be matched. - <interface> This shows the keyset configuration per lookup and traffic type and the set of sticky bits (common for all interfaces). This is cleared when shown, so it is possible to sample over a period of time. It also shows if this port/lookup is enabled for matching in the VCAP. This can be used to find out which keyset the traffic being sent to a port, will be matched against, and if such traffic has been seen by one of the ports. Delivery: ========= This is current plan for delivering the full VCAP feature set of Sparx5: - TC protocol all support for IS2 VCAP - Sparx5 IS0 VCAP support - TC policer and drop action support (depends on the Sparx5 QoS support upstreamed separately) - Sparx5 ES0 VCAP support - TC flower template support - TC matchall filter support for mirroring and policing ports - TC flower filter mirror action support - Sparx5 ES2 VCAP support Version History: ================ v2 Removed a 'support' folder (used for integration testing) that had been added in patch 6/8 by a mistake. Wrapped long lines. v1 Initial version ==================== Signed-off-by:
-
Steen Hegelund authored
This tests the functionality of the debugFS support: - finding valid keyset on an address - raw VCAP output - full rule VCAP output Signed-off-by:
Steen Hegelund <steen.hegelund@microchip.com> Signed-off-by:
-
Steen Hegelund authored
This ensures that the VCAP cache and the lists maintained in the VCAP instance is protected when accessed by different clients. Signed-off-by:
-
Steen Hegelund authored
This add support for displaying the keys and actions in a rule. The keys and action display format will be determined by the size and the type of the key or action. The longer keys will typically be displayed as a hexadecimal byte array. The actionset is not decoded in full as the Sparx5 IS2 only has one supported action, so this will be added later with other VCAP types. Signed-off-by:
-
Steen Hegelund authored
This add support to show all rules in a VCAP instance. The information shown is: - rule id - address range - size - chain id - keyset name, subword size, register span - actionset name, subword size, register span - counter value - sticky bit (one bit width counter) Signed-off-by:
-
Steen Hegelund authored
This adds support for decoding VCAP rules with a minimum number of attributes: address, rule size and keyset. This allows for a quick inspection of a VCAP instance to determine if the rule are present and in the correct order. Signed-off-by:
-
Steen Hegelund authored
Add a debugFS root folder for Sparx5 and add a vcap folder underneath with the VCAP instances and the ports Signed-off-by:
-
Steen Hegelund authored
This ensures that the last_used_addr in a VCAP instance is returned to the default value when all rules have been deleted. Signed-off-by:
-
Steen Hegelund authored
This ensures that the l3_proto always have a valid value and that any dissector parsing errors causes the flower rule to be discarded. Signed-off-by:
-
David S. Miller authored
Jeroen de Borst says: ==================== gve: Handle alternate miss-completions Some versions of the virtual NIC present miss-completions in an alternative way. Let the diver handle these alternate completions and announce this capability to the device. The capability is announced uing a new AdminQ command that sends driver information to the device. The device can refuse a driver if it is lacking support for a capability, or it can adopt it's behavior to work around OS specific issues. Changed in v5: - Removed comments in fucntion calls - Switched ENOTSUPP back to EOPNOTSUPP and made sure it gets passed Changed in v4: - Clarified new AdminQ command in cover letter - Changed EOPNOTSUPP to ENOTSUPP to match device's response Changed in v3: - Rewording cover letter - Added 'Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>' Changes in v2: - Changed the subject to include 'gve:' ==================== Signed-off-by: -
Jeroen de Borst authored
The virtual NIC has 2 ways of indicating a miss-path completion. This handles the alternate. Signed-off-by:
Jeroen de Borst <jeroendb@google.com> Reviewed-by:
Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by:
-
Jeroen de Borst authored
Check whether the driver is compatible with the device presented. Signed-off-by:
-
Dmitry Vyukov authored
Extend the test to check the scenario when NCI core tries to send data to already closed device to ensure that nothing bad happens. Signed-off-by:
Dmitry Vyukov <dvyukov@google.com> Cc: Bongsu Jeon <bongsu.jeon@samsung.com> Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Cc: Jakub Kicinski <kuba@kernel.org> Cc: netdev@vger.kernel.org Signed-off-by:
-
